The intruder is no doubt looking at your traffic. You should too. How will you know what's
not normal if you've never seen your normal traffic on the wire?


The Enemy Within
By: Bagarre


Of all the people trying to break into your networks, possibly the most dangerous, stealthy
and persistent will be your own users. They know your structure, architecture and security posture.
They probably don't fear repercussions because they don't think they are doing anything wrong and,
last but definitely not least, they have internal access and are trusted.

We've all heard the phrase "Users are losers". How many of you thought they were talking about
drugs in those commercials? ;) Joking aside, these are the guys and gals that will cause you
the most work!

"Yes, hello? Computer guys? I just clicked on an email attachment and now, everything is running slow."

"I don't know what happened, I stuck the floppy into the computer and now, everything is weird.
Huh? My son gave me the floppy."

"I didn't delete those files."

"They are not hacker tools and I was just curious about our networks."

Hmmm...

What email filters are you running?

Do you have a policy in place that addresses unauthorized software on company computers?

The best way to protect your users from themselves is with written policies. These policies
should outline what the users can and cannot do. There is no problem with a user agreement being
several pages long, so long as it's worded in a way that the user can understand and someone takes
the time to explain the agreement to them. Try to break the agreement down into short paragraphs that
address specific items and put check boxes next to each paragraph for the user's initials. Remember,
an agreement is useless if the user doesn't understand what it says or doesn't take the time to read it.
It might be a good idea to hold a meeting with them to explain it better. This is not a credit card agreement.
There should be NO fine print or loopholes. We are not trying to put someone on the hook. We are trying to
explain to the users what their responsibilities are. They need to feel like they are in the loop on this one,
and that they have a responsibility for the well-being of the network. They should care about security.

Web browsing. Define not which specific websites are off limits but which activities are unauthorized. This can be
as general as "any activity not directly contributing to the well-being and productivity of the company" or
actually spelling it out. Either way, what we are trying to deter is the person that spends his whole day
reading Slashdot articles or surfing eBay and not doing what he's being paid to do.

Downloading software. Absolutely no unauthorized software will be downloaded, installed or run by a user
without written permission by the IT staff. This also means you have to define what software is authorized.

Attempting to access shares or services on the network that they do not have explicit permissions to.

This is by no means an all-inclusive list. This is just a quick starting point to get the ball rolling.
Don't word these agreements in a way that puts your users on the defensive. These papers are supposed to keep
them out of trouble by letting them know what they shouldn't be doing. These are not 'or else' documents. Those
may come later in the form of a performance evaluation after they violate these agreements.